Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-22 | CVE-2019-5647 | Insufficient Session Expiration vulnerability in Rapid7 Appspider The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. | 7.1 |
| 2020-01-14 | CVE-2020-0621 | Insufficient Session Expiration vulnerability in Microsoft products A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'. | 4.4 |
| 2019-12-31 | CVE-2019-10229 | Insufficient Session Expiration vulnerability in Mailstore and Mailstore Server An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. | 8.8 |
| 2019-12-18 | CVE-2019-11106 | Insufficient Session Expiration vulnerability in Intel products Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
| 2019-12-18 | CVE-2019-8803 | Insufficient Session Expiration vulnerability in Apple products An authentication issue was addressed with improved state management. | 8.4 |
| 2019-11-19 | CVE-2019-12421 | Insufficient Session Expiration vulnerability in Apache Nifi When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. | 8.8 |
| 2019-11-06 | CVE-2019-8149 | Insufficient Session Expiration vulnerability in Magento Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 9.8 |
| 2019-10-16 | CVE-2016-11014 | Insufficient Session Expiration vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. | 9.8 |
| 2019-10-09 | CVE-2019-17375 | Insufficient Session Expiration vulnerability in Cpanel cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517). | 8.8 |
| 2019-09-27 | CVE-2019-9269 | Insufficient Session Expiration vulnerability in Google Android 10.0 In System Settings, there is a possible permissions bypass due to a cached Linux user ID. | 7.3 |